As part of our Microsoft School Agreement, we are licensed for Microsoft Forefront Client on the machines covered under the agreement which is all the computers. I have been using McAfee Total Protection. I like this as it doesn’t matter if the computer is connected to the domain or not, updates happen automatically. It works well I have no complaints, but no use paying for a product twice.

Deployment of Forefront Client

I hit the Microsoft page for Forefront with hopes that there would be information on how to install it. There is a deployment guide, but it is a major production. There is about 5 roles that need to be deployed. You can install all of them to the same server, but I am uncertain if Windows 2008 is supported or not. I am deploying this on a Hyper-V server as a VM guest so installing Windows Server 2003 is no big deal but I am not interested in going down that road today. I just wanted to install the client and have it pick up its up dates from the WSUS server I have deployed internally. After checking out the documentation a few times, I finally stumbled upon how to install Forefront for employees use on home computers.

Installing Forefront

The command line is pretty straight forward. In the client directory of the CD, jump to a command prompt and run CLIENTSETUP /NOMOM

That’s it. It will install the client and then if you have machine setup to check your WSUS server for updates, then it will go out, pick up the updates from the WSUS server I have deployed internally.

There are some caveats, one is you have to go to each machine to deploy this. You could script it but if you are going to go through that, then why not fully deploy the server. The second thing is you don’t get reporting back from the clients. In my case, I don’t mind, they all call me when something goes wrong. I think over the next few months when I have time, I will look at deploying the management server for this.